Scala Expression Language Injection
Description
Detects potential Spring Expression Language (SpEL) injection vulnerabilities in Scala code. SpEL injection can occur when untrusted user input is evaluated as a Spring expression, potentially allowing attackers to execute arbitrary code or access sensitive data through expression evaluation.
Detection Strategy
• Check if Spring Expression Language package (org.springframework.expression) is imported in the code
• Look for SpEL expression parser usage in conjunction with expression evaluation endpoints
• Identify expressions that could contain unvalidated user input or dynamic content
• Flag cases where unsafe expressions are passed to SpEL evaluation methods
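An added example, not part of the Fluid Attacks rule text above, that turns the four bullets into a small line-based checker for Scala sources. It is a heuristic with no data-flow analysis: it only reports parseExpression calls whose argument is not a string literal, which is where an untrusted value can enter. The sample source it scans is constructed here for illustration, and the object, regex and case-class names are assumptions of this example.

```scala
import scala.util.matching.Regex

object SpelUsageChecker {
  // Bullet 1: is the SpEL package imported at all?
  private val SpelImport: Regex = """import\s+org\.springframework\.expression""".r
  // Bullets 2 and 4: calls that hand a string to the SpEL parser.
  private val ParseCall: Regex = """parseExpression\s*\(\s*([^)]*)\)""".r
  // Bullet 3: a plain string literal is constant; anything else may be dynamic.
  private val StringLit: Regex = """^\s*"[^"]*"\s*$""".r

  final case class Finding(line: Int, argument: String)

  def scan(source: String): Seq[Finding] = {
    val lines = source.split("\n").toVector
    if (!lines.exists(l => SpelImport.findFirstIn(l).isDefined)) return Seq.empty
    lines.zipWithIndex.flatMap { case (text, idx) =>
      ParseCall.findAllMatchIn(text).collect {
        case m if StringLit.findFirstIn(m.group(1)).isEmpty =>
          Finding(idx + 1, m.group(1).trim)
      }
    }
  }

  // Constructed sample: one pre-compiled literal expression (not reported) and
  // one endpoint that parses a request parameter (reported).
  val sampleSource: String =
    """import org.springframework.expression.spel.standard.SpelExpressionParser
      |import org.springframework.web.bind.annotation._
      |@RestController
      |class Demo {
      |  private val parser = new SpelExpressionParser()
      |  private val adult = parser.parseExpression("age >= 18")
      |  @GetMapping("/eval")
      |  def eval(@RequestParam expr: String): String =
      |    parser.parseExpression(expr).getValue().toString
      |}
      |""".stripMargin

  def main(args: Array[String]): Unit =
    scan(sampleSource).foreach { f =>
      println(s"line ${f.line}: parseExpression(${f.argument}) evaluates a non-literal expression")
    }
}
```

Running it reports only the ninth line of the sample, where the argument is the request parameter expr; the pre-compiled literal on line six is left alone. A real rule would additionally follow the argument back to its source, since a non-literal argument built entirely from constants is still safe.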
Vulnerable code example
import org.springframework.expression.spel.standard.SpelExpressionParser
import org.springframework.web.bind.annotation._
@RestController
class VulnerableController {
private val parser = new SpelExpressionParser()
@GetMapping("/vulnerable")...
✅ Secure code example
import org.springframework.expression.spel.standard.SpelExpressionParser
import org.springframework.web.bind.annotation._
@RestController
class SecureController {
private val parser = new SpelExpressionParser()
// Pre-compile allowed expressions to prevent arbitrary code execution...
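An added example, written here rather than taken from the page's own truncated listings, that places the flagged pattern beside a hardened form. It assumes Spring Framework 5.x or later (for SimpleEvaluationContext) and Scala 2.13; the Profile class, the allowlist keys and the sample values are constructed for this illustration.

```scala
import org.springframework.expression.Expression
import org.springframework.expression.spel.standard.SpelExpressionParser
import org.springframework.expression.spel.support.SimpleEvaluationContext
import scala.beans.BeanProperty

// Root object for data binding. @BeanProperty generates the getName/getAge
// getters that SpEL's reflective property accessor resolves.
class Profile(@BeanProperty val name: String, @BeanProperty val age: Int)

object SpelEvaluation {
  private val parser = new SpelExpressionParser()

  // The pattern the rule flags: the caller supplies the whole expression and it
  // is evaluated with the default standard context, which exposes type
  // references, constructors and bean lookups to whoever controls the string.
  def evaluateUntrusted(userExpression: String): AnyRef =
    parser.parseExpression(userExpression).getValue()

  // Hardened form: the caller picks a key, never an expression. Expressions are
  // parsed once at startup from constants, so no request data reaches the parser.
  private val allowed: Map[String, Expression] = Map(
    "displayName" -> parser.parseExpression("name"),
    "isAdult"     -> parser.parseExpression("age >= 18")
  )

  // Evaluation also runs in a read-only data-binding context, which permits
  // property access and operators only; unknown keys are rejected with None.
  def evaluateAllowed(key: String, root: Profile): Option[AnyRef] =
    allowed.get(key).map { expr =>
      val ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build()
      expr.getValue(ctx, root)
    }

  def main(args: Array[String]): Unit = {
    val profile = new Profile("alice", 34) // constructed sample root object
    println(evaluateAllowed("displayName", profile))
    println(evaluateAllowed("isAdult", profile))
    println(evaluateAllowed("somethingElse", profile))
  }
}
```

The two defences are independent and worth keeping together: the allowlist stops attacker-controlled text from ever being parsed, and the SimpleEvaluationContext limits what any expression can do even if a future change reintroduces dynamic parsing. A detection rule should treat a StandardEvaluationContext (or the no-argument getValue, which implies one) on caller-derived text as the high-severity case.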